7.5
CVE-2008-5221
- EPSS 2.41%
- Veröffentlicht 25.11.2008 18:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wportfolio ≫ Wportfolio Version <= 0.3
Wportfolio ≫ Wportfolio Version0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.41% | 0.846 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.